|
debianlinux
Myconerd - DBK



Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
|
ssh vs ICMP filtering
#5508935 - 04/12/06 04:45 PM (17 years, 9 months ago) |
|
|
so, i got a new cable modem connection and suddenly i cannot ping my modem address or traceroute or tunnel via ssh. the research i've done indicates that my ISP filters ICMP as some kind of "protect-me-from-the-hackers" service.
all fine and good, how the fuck do i get my ssh tunnel through this? any pointers, links, or answers are much appreciated.
|
debianlinux
Myconerd - DBK



Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
|
Re: ssh vs ICMP filtering [Re: debianlinux]
#5508978 - 04/12/06 04:55 PM (17 years, 9 months ago) |
|
|
fwiw, nmap tells me that the only port open on the last router to respond to the traceroute... iirc... is port 1720. even if the number is off i am certain it is a H.323 protocol port for VOIP which my cable provider happens to offer.
|
automan
blasted chipmunk


Registered: 09/18/03
Posts: 8,272
|
Re: ssh vs ICMP filtering [Re: debianlinux]
#5509173 - 04/12/06 05:49 PM (17 years, 9 months ago) |
|
|
your log look anything like this: Code:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established. log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:708]: Outgoing call established (call ID 0, peer's call ID 0). log[decaps_gre:pptp_gre.c:215]: short read (4294967295): Protocol not available log[callmgr_main:pptp_callmgr.c:245]: Closing connection log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection log[call_callback:pptp_callmgr.c:88]: Closing connection
?
-------------------- No, no, you're not thinking, you're just being logical. ~ Niels Bohr
|
debianlinux
Myconerd - DBK



Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
|
Re: ssh vs ICMP filtering [Re: automan]
#5509448 - 04/12/06 07:00 PM (17 years, 9 months ago) |
|
|
let me clear some stuff up.
the host machine is windows running the OpenSSH service. the client machine is windows running PuTTY. I have tried using a linux version of ssh from the client machine with the same results. i have yet to try this with the host machine booted into linux.
i assume the logfile in question is the host logfile which isn't going to look like that being as it is on a windows box. the logfile that does exist on the windows box is empty.
there does not appear to be a logfile being created on the client machine.
i can try any configuration i wish as far as which OS is running on either end. the only little catch atm is that I'm normally trying this from work (hence windows) and I am currently at home and am having to use my neighbor's unsecured wireless connection to do the testing. he is using the same ISP as I am and therefore a tracerooute actually works but ping still does not. i have no idea if this is relevant but I figured I might as well speak up about it now.
you tell me how you want me to test the thing I'll make it happen.
|
automan
blasted chipmunk


Registered: 09/18/03
Posts: 8,272
|
Re: ssh vs ICMP filtering [Re: debianlinux]
#5509530 - 04/12/06 07:19 PM (17 years, 9 months ago) |
|
|
try running http://pptpclient.sourceforge.net/
it binds the GRE socket prior to calling the server
-------------------- No, no, you're not thinking, you're just being logical. ~ Niels Bohr
|
Seuss
Error: divide byzero


Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: ssh vs ICMP filtering [Re: debianlinux]
#5511127 - 04/13/06 04:53 AM (17 years, 9 months ago) |
|
|
Call your ISP and ask them to open up tcp on port 22 on the router so that you can ssh into your machine remotely. I had my ISP open up a few of the lower ports that I use for various services (telnet, ftp, smtp, snmp, etc) and had them open up a block of higher addresses (23000-23015 tcp and udp) also. You will need to tell them what private IP address they need to forward the traffic to as well. In my case, I have a hardware firewall immediately after the ISP modem, so I have them forward all ports to the firewalls WAN address. I can then use the firewall to route the traffic to various machines on the private network.
-------------------- Just another spore in the wind.
|
debianlinux
Myconerd - DBK



Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 7 months, 1 day
|
Re: ssh vs ICMP filtering [Re: Seuss]
#5511836 - 04/13/06 10:38 AM (17 years, 9 months ago) |
|
|
so, you're saying that when you call your isp you actually get to talk to someone who knows what a port and/or tcp are or how to open it?
every time i have ever contacted my isp about legitimate issues on their network that i had a great deal of researched info to prove it was their miss i had to argue with several people at several levels over the course of several days to get the message to the right person.
i understand that I can do this but I would like to know if you have some magic ISP that employs people who can do more than read out of the step-by-step IE/Windows only book.
fwiw, i have found that you can get much farther with an ISP if you tell them up front that you do not have Windows, at all, anywhere. you immediately get past at least 2 hours worth of the "try this obvious dumb shit in IE" crap the low level techs are programmed to spew. otoh, most ISPs explicity disclaim any support for anything not Windows/IE... notably, the one I currently use.
|
|